Vulnerabilities > SAP > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-40503 | Insufficiently Protected Credentials vulnerability in SAP GUI for Windows An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. | 2.1 |
| 2021-11-05 | CVE-2021-41251 | Information Exposure vulnerability in SAP Cloud SDK @sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. | 2.6 |
| 2021-10-12 | CVE-2021-40498 | Unspecified vulnerability in SAP Successfactors Mobile A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. | 2.1 |
| 2021-09-15 | CVE-2021-33696 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. | 3.5 |
| 2021-09-15 | CVE-2021-33694 | Cross-site Scripting vulnerability in SAP Cloud Connector 2.0 SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. | 3.5 |
| 2021-09-14 | CVE-2021-33679 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. | 3.5 |
| 2021-09-14 | CVE-2021-21489 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2021-08-10 | CVE-2021-33703 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 2.6 |
| 2021-08-10 | CVE-2021-33702 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 2.6 |
| 2021-08-10 | CVE-2021-33699 | Unspecified vulnerability in SAP Fiori Client 3.2 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. low complexity sap | 3.3 |